Amazon Linux 2023 Security Advisory: ALAS2023-2025-888
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-03-06
Severity:
Medium
References:
CVE-2024-31068
CVE-2024-37020
CVE-2024-39279
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access. (CVE-2024-31068)
Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2024-37020)
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. (CVE-2024-39279)
Affected Packages:
microcode_ctl
Issue Correction:
Run dnf update microcode_ctl --releasever 2023.6.20250303 to update your system.
System reboot is required in order to complete this update.
New Packages:
src:
microcode_ctl-2.1-53.amzn2023.0.11.src
x86_64:
microcode_ctl-2.1-53.amzn2023.0.11.x86_64